Latest Elastic Kibana vulnerabilities #
On March 5th, 2025, Elastic disclosed a vulnerability in versions 8.15.0 to 8.17.2 of Kibana.
Note: Elastic's advisory tracks the vulnerability as CVE-2025-25012, which is currently unlisted in the NIST NVD. NIST appears to track it as CVE-2025-25015, so that is the identifier used below.
- CVE-2025-25015 is rated critical with a CVSSv3 base score of 9.9. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code.
What is the impact? #
Upon successful exploitation of this vulnerability, an attacker who can upload a file and send a crafted HTTP request can execute arbitrary code. The privileges required depend on the Kibana version:
- In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role
- In Kibana versions 8.17.1 and 8.17.2, this is exploitable only by users whose roles contain all of the following privileges: fleet-all, integrations-all, and actions:execute-advanced-connectors
Are updates or workarounds available? #
Elastic recommends that customers upgrade to Kibana version 8.17.3. For users that cannot upgrade, Elastic recommends adding the following setting to Kibana's configuration:
xpack.integration_assistant.enabled: false
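The version boundaries above and the workaround setting are easy to get wrong when triaging an inventory export by hand (a plain string comparison, for example, sorts 8.17.10 before 8.17.3). The following script is an added example, not runZero's or Elastic's code: it classifies Kibana assets by the exposure tiers described above, flags which ones still need attention, and checks whether the `xpack.integration_assistant.enabled: false` workaround is present in a host's `kibana.yml`. The asset rows and configuration fragments are constructed sample data, and the `(name, product, version)` row layout is an assumption about how you would export the Software Inventory results, not a runZero format.

```python
"""Triage Kibana assets against CVE-2025-25015 (Elastic's CVE-2025-25012).

Added example, not runZero's or Elastic's code. The inventory rows and the
kibana.yml fragments below are constructed sample data.
"""
import re

# Affected range per Elastic's advisory: 8.15.0 through 8.17.2 inclusive.
FIRST_AFFECTED = (8, 15, 0)
FIXED = (8, 17, 3)
# From 8.17.1 on, exploitation needs all three privileges instead of the Viewer role.
RESTRICTED_FROM = (8, 17, 1)
REQUIRED_PRIVILEGES = {"fleet-all", "integrations-all", "actions:execute-advanced-connectors"}

WORKAROUND_KEY = "xpack.integration_assistant.enabled"


def parse_version(text):
    """Turn '8.17.2' (optionally with a suffix such as '-SNAPSHOT') into a tuple.

    Tuples compare numerically, so 8.17.10 sorts after 8.17.2, which a plain
    string comparison would get wrong.
    """
    m = re.match(r"^v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Kibana version: {text!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def exposure(version):
    """Return 'not affected', 'viewer' or 'privileged' for a Kibana version string."""
    v = parse_version(version)
    if not (FIRST_AFFECTED <= v < FIXED):
        return "not affected"
    if v >= RESTRICTED_FROM:
        return "privileged"  # needs every privilege in REQUIRED_PRIVILEGES
    return "viewer"


def workaround_applied(kibana_yml):
    """True if the kibana.yml text disables the integration assistant.

    A line-oriented check for one top-level key, so no YAML library is needed;
    commented-out lines and quoted values are handled.
    """
    for line in kibana_yml.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.startswith(WORKAROUND_KEY):
            continue
        key, _, value = line.partition(":")
        if key.strip() == WORKAROUND_KEY:
            return value.strip().strip("'\"").lower() == "false"
    return False


def triage(assets, configs=None):
    """Return (name, version, exposure, mitigated) for every Kibana asset still in
    the affected range. `assets` is an iterable of (name, product, version) rows
    (assumed export layout); `configs` optionally maps a name to its kibana.yml text.
    """
    configs = configs or {}
    findings = []
    for name, product, version in assets:
        if product.lower() != "kibana":
            continue
        exp = exposure(version)
        if exp == "not affected":
            continue
        findings.append((name, version, exp, workaround_applied(configs.get(name, ""))))
    return findings


SAMPLE_ASSETS = [  # constructed
    ("kib-01", "kibana", "8.14.3"),   # before the affected range
    ("kib-02", "kibana", "8.15.0"),   # Viewer-exploitable
    ("kib-03", "kibana", "8.17.2"),   # needs fleet/integrations/connector privileges
    ("kib-04", "kibana", "8.17.3"),   # fixed release
    ("kib-05", "kibana", "8.17.10"),  # hypothetical later patch; a string compare would misplace it
    ("es-01", "elasticsearch", "8.16.0"),
]

SAMPLE_CONFIGS = {  # constructed kibana.yml fragments
    "kib-02": "server.port: 5601\nxpack.integration_assistant.enabled: false\n",
    "kib-03": "# xpack.integration_assistant.enabled: false\n",  # commented out, so not applied
}

if __name__ == "__main__":
    for name, version, exp, mitigated in triage(SAMPLE_ASSETS, SAMPLE_CONFIGS):
        status = "workaround present" if mitigated else "UPGRADE or apply workaround"
        print(f"{name}: {version} ({exp}) -> {status}")
```

Running it on the sample data reports kib-02 as Viewer-exploitable but mitigated and kib-03 as exploitable only with the fleet, integrations and connector privileges and still unmitigated; kib-01, kib-04 and kib-05 fall outside the affected range. Treat a present workaround as a stopgap and keep the asset on the upgrade list, since the setting only covers the vector Elastic describes.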
How to find Elastic Kibana installations with runZero #
Vulnerable versions of Elastic Kibana can be found in the Software Inventory using the following query:
product:kibana AND (version:>8.14 AND version:<8.17.3)
From the Asset Inventory, use the following query to locate assets running any version of Elastic Kibana:
product:kibana